[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Condor-users] Security Survey

Dear All

We were wondering what kinds of precautions users of Condor on Windows take when they allow multiple submit machines to send executables to run on execute nodes, one particular case we are currently investigating is Matlab and the behaviour of a self extracting Matlab code which causes our heuristic antivirus package (Kaspersky) to report a hidden installation e.g. a Trojan.  We are loath to disable any of the features of our antivirus package however the user that runs the code still needs those jobs to run so we were wondering what kinds of security precautions other Condor administrators are taking on their Condor pool to balance the need to provide a secure workstation service to cf 8000 users whilst at the same time allowing Matlab codes to run.  We are also interested in a straw poll of the kinds of antivirus package that other sites have deployed and their strategies for coping with interesting jobs like this Matlab self extractor.  One idea we have come up with is a testing regime which ultimately puts the blame on the end user should they run a Trojan like program and damage execute nodes in a testing sandpit before they run on the production pool.  Do other sites out there have a similar testing regime for codes ?  We have been doing some testing before letting user codes run on the production pool for a number of years now

Thanks in advance for any advice you can give...

Best regards



Dr James Osborne
Condor Project Manager
Advanced Research Computing @ Cardiff (ARCCA)

Cardiff University
Redwood Building
King Edward VII Avenue
Cardiff CF10 3NB

Tel +44(0)29 2087 4657
Email osborneja1@xxxxxxxxxxxxx